[Samba] PDC / BDC in a Samba Domain Controller.

Daniel Müller mueller at tropenklinik.de
Fri Mar 27 09:24:11 GMT 2009


Your PDC and BDC must have the same SID.
Your BDC's LDAP database should be a copy of your PDC's. Also, the BDC should
be a slave to the PDC's LDAP, so every change in your
PDC's database is also made on your BDC. This is quite simple with slurpd.
If the PDC now stops, the BDC will take over. The users are able to log in,
but to have their shares accessible you should have the same shares
on PDC and BDC. Write a script that runs when you log on or off to rsync the
users' files.

Greetings Daniel

On Thu, 26 Mar 2009 11:15:34 -0300, Juan Pablo Michelino
<jpmichelino at jfsecco.com.ar> wrote:
> Hello
> I am making a Domain Controller with Samba (v3.0.33) and LDAP (v2.4).
> I will install a PDC in the headquarters and a BDC in the subsidiary of 
> the company that I work for.
> The PDC and the BDC will each have their own LDAP database.
> I just installed the PDC without problems and my next step is to install 
> the BDC.
> I configured LDAP to work in multi-master mode. I made some tests 
> and LDAP works well.
> I need to know if the BDC can write to its local database.
> On the other side: can the BDC act as PDC when the connection between both 
> servers is broken? I need the users that work in the subsidiary 
> to be able to log in and make changes to their profiles (e.g. change their password 
> and so on), including when the connection with the headquarters is lost.
> Below I copy the BDC's smb.conf.
> Can anyone help me? Thanks.
> 
> # --------------------------------------------------------------------
>     admin users = manager @"Domain Admins" @administradores
>     ntlm auth = yes
>     netbios name = PDC_Rosario
>     workgroup = SECCO
>     lanman auth = no
>     winbind trusted domains only = yes
>     encrypt passwords = yes
>     winbind use default domain = yes
>     server string = BDC
>     domain logons = yes
> 
> # ----------------------- Network Related Options -----------------
> 
>     hosts allow = 10.20.0.0/16 10.18.0.0/16 localhost
> 
> # --------------------------- Logging Options ---------------------
> 
>       max log size = 500
>       log file = /var/log/samba/%m.log
> 
> # ----------------------------- LDAP Options ----------------------
> 
>         ldap passwd sync = yes
>         ldap admin dn = cn=manager,dc=secco,dc=com,dc=ar
>         ldap user suffix = ou=People
>         ldap group suffix = ou=Groups
>         ldap machine suffix = ou=Computers
>         ldap suffix = dc=secco,dc=com,dc=ar
>    
> # ----------------------- Standalone Server Options ---------------
> 
>     security = user
>     passdb backend = ldapsam:ldap://127.0.0.1
> 
> # ----------------------- Domain Members Options -------------------  
> # ----------------------- Domain Controller Options ---------------
> 
>       logon script = login.bat
>       add machine script = /usr/sbin/smbldap-useradd -w "%u"
>       delete user script = /usr/sbin/smbldap-userdel "%u"
>       add group script = /usr/sbin/smbldap-groupadd -p "%g"
>       add user script = /usr/sbin/smbldap-useradd -m "%u"
> 
> # ----------------------- Browser Control Options -----------------
> 
>        local master = yes
>        os level = 65
>        domain master = no
>        preferred master = yes
> 
> #----------------------------- Name Resolution --------------------
> 
>        wins support = yes
>        name resolve order = wins lmhosts bcast
> 
> # --------------------------- Printing Options --------------------
> 
> # --------------------------- Filesystem Options ------------------
> 
> #====================== Share Definitions =========================
> 
> [homes]
> 
>         comment = Home Directories
>         browseable = no
>         writable = no
>         root preexec = /etc/samba/mk_sambadir "/home/%u" "%u" "%g"
>         write list = %S manager
>         valid users = SECCO\%S SECCO\manager
>         inherit permissions = yes
>         force user = %S
>         force group = @administradores
>         directory mask = 0700
>         create mask = 0700
> 
> [netlogon]
>         comment = Network Logon Service
>         browseable = yes
>         path = /home/netlogon
>         guest ok = yes
>         writable = no
>         valid users = SECCO\manager %U
>         write list = llattan
> 
> [shares]
>         comment = Carpeta del grupo Sistemas
>         path = /home2/sistemas
>         valid users = @shares @administradores
>         browseable = yes
>         writable = no
>         write list = @shares_w @administradores
>         inherit permissions = yes
>         force user = %U
>         force group = share
> 
> 
> # --------------------------------------------------------------------
> 
> 
> --
> Juan Pablo Michelino
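As an added example (not code from either poster), a small POSIX sh script that checks what Daniel's reply requires before a BDC is trusted to take over: the same domain SID on PDC and BDC, a BDC-style smb.conf (domain logons but not domain master), and the user's home mirrored from the PDC with rsync. The `net getlocalsid` output format, the PDC host name, and root SSH access to the PDC are assumptions; rsync stays in dry-run mode until FORCE=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread): pre-failover checks for a Samba 3 BDC,
# i.e. same domain SID as the PDC, a BDC-style smb.conf, and mirrored homes.
# Assumed: `net getlocalsid` prints "SID for domain NAME is: S-1-5-21-...";
# the PDC host name and root SSH access to it are placeholders the admin supplies.

# Pull the SID out of `net getlocalsid` output (empty if the line is missing).
sid_from_net_output() {
    printf '%s\n' "$1" | sed -n 's/^SID for domain .* is: *\(S-[0-9-]*\).*$/\1/p'
}
# Succeed only when both SIDs are present and identical.
sids_match() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# Print the value of one smb.conf parameter (first occurrence, trimmed).
smbconf_get() {   # smbconf_get <file> <parameter>
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { i = index($0, "="); if (i == 0) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        k == key { print v; exit }' "$1"
}
# A BDC answers domain logons but must never claim the domain master role.
bdc_config_ok() {   # bdc_config_ok <smb.conf>
    [ "$(smbconf_get "$1" 'domain logons')" = yes ] &&
    [ "$(smbconf_get "$1" 'domain master')" = no ]
}
# Constructed minimal BDC smb.conf, used only to exercise the checks offline.
sample_bdc_conf() {
    printf '%s\n' '[global]' '  workgroup = SECCO' '  domain logons = yes' \
        '  domain master = no' '  ; preferred master = yes' '[homes]' '  browseable = no'
}

# Mirror one user's home from the PDC (the logon/logoff rsync the reply suggests).
# Dry-run unless FORCE=1, so a typo in the user name cannot delete files.
sync_user_home() {   # sync_user_home <user> <pdc-host>
    dry=--dry-run; [ "${FORCE:-0}" = 1 ] && dry=
    rsync -a --delete $dry "root@$2:/home/$1/" "/home/$1/"
}

main() {   # main <pdc-host> <user>; run as root on the BDC
    pdc_sid=$(sid_from_net_output "$(ssh "root@$1" net getlocalsid)")
    bdc_sid=$(sid_from_net_output "$(net getlocalsid)")
    sids_match "$pdc_sid" "$bdc_sid" || { echo "SID mismatch: PDC=$pdc_sid BDC=$bdc_sid" >&2; return 1; }
    bdc_config_ok /etc/samba/smb.conf || { echo "smb.conf is not a BDC configuration" >&2; return 1; }
    sync_user_home "$2" "$1"
}
if [ "${RUN_CHECKS:-0}" = 1 ]; then main "$@"; fi
```

Run it as `RUN_CHECKS=1 ./bdc_check.sh pdc.example user` on the BDC; without RUN_CHECKS only the functions are defined, so it can be sourced by a logon hook.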

